Computer Crime Research Center

How to prevent most network attacks

Eighty-four percent of serious network attacks could have been prevented if, in addition to checking user identity and password, organizations had verified the identity of the computers connecting to their networks, according to a report by research firm Trusted Strategies LLC in Pleasanton, Calif. That report, commissioned by BIOS maker Phoenix Technologies Ltd. in Milpitas, Calif., only covers cases where companies reported the incidents and federal officials were able to charge someone with a crime.

Among such cases, attacks that used stolen IDs and passwords caused greater damage than previously thought, said Bill Bosen, co-founder of Trusted Strategies and author the report, "Network Attacks: Analysis of Department of Justice Prosecutions 1999-2006" (download PDF).

The study analyzed data from all cases prosecuted and publicly disclosed by the U.S. Department of Justice between March 1999 and February 2006, Bosen said.
Original article